I've heard a lot about how Microsoft is implementing UEFI Secure Boot in Windows 8. Apparently it prevents "unauthorized" bootloaders from running on the computer, to prevent malware. There's a campaign by the Free Software Foundation against secure boot, and a lot of people have been saying online that it's a "power grab" by Microsoft to "eliminate free operating systems".

If I get a computer that has Windows 8 and Secure Boot preinstalled, will I still be able to install Linux (or some other OS) later? Or does a computer with Secure Boot only ever work with Windows?

1 Answer
1

If you have an ARM tablet running Windows RT (like the Surface RT or the Asus Vivo RT), then you will not be able to disable Secure Boot or install other OSes. Like many other ARM tablets, these devices will only run the OS they come with.

If you have a non-ARM computer running Windows 8 (like the Surface Pro or any of the myriad ultrabooks, desktops, and tablets with an x86-64 processor), then you can disable Secure Boot completely, or you can install your own keys and sign your own bootloader. Either way, you can install a third party OS like a Linux distro or FreeBSD or DOS or whatever pleases you.

Now, on to the details of how this whole Secure Boot thing actually works: There's a lot of misinformation about Secure Boot, especially from the Free Software Foundation and similar groups. This has made it hard to find info about what Secure Boot actually does, so I'll try my best to explain. Note that I have no personal experience with developing secure boot systems or anything like that; this is just what I've learned from reading online.

First of all, Secure Boot is not something that Microsoft came up with. They're the first to widely implement it, but they didn't invent it. It's part of the UEFI specification, which is basically a newer replacement for the old BIOS that you're probably used to. UEFI is basically the software that talks between the OS and the hardware. UEFI standards are created by a group called the "UEFI Forum", which is made up of computing industry representatives including Microsoft, Apple, Intel, AMD, and a handful of computer manufacturers.

Second most important point, having Secure Boot enabled on a computer does not mean that computer can never boot any other operating system. In fact, Microsoft’s own Windows Hardware Certification Requirements state that for non-ARM systems, you must be able to both disable Secure Boot and change the keys (to allow other OSes). More on that later though.

What does Secure Boot do?

Essentially, it prevents malware from attacking your computer through the boot sequence. Malware that enters through the bootloader can be very difficult to detect and stop, because it can infiltrate low-level functions of the operating system, keeping it invisible to antivirus software. All that Secure Boot really does is it verifies that the bootloader is from a trusted source, and that it hasn’t been tampered with. Think of it like the pop-up caps on bottles that say “do not open if lid is popped up or seal has been tampered with”.

At the top level of protection, you have the platform key (PK). There is only one PK on any system, and it is installed by the OEM during manufacturing. This key is used to protect the KEK database. The KEK database holds Key Exchange Keys, which are used to modify the other secure boot databases. There can be multiple KEKs. There is then a third level: the Authorized Database (db) and the Forbidden Datbase (dbx). These contain information about Certificate Authorities, additional cryptographic keys, and UEFI device images to allow or block, respectively. In order for a bootloader to be allowed to run, it must be cryptographically signed with a key that is in the db, and is not in the dbx.

How this works out on a real-world Windows 8 Certified system

The OEM generates its own PK, and Microsoft provides a KEK that the OEM is required to pre-load into the KEK database. Microsoft then signs the Windows 8 Bootloader, and uses their KEK to put this signature in the Authorized Database. When UEFI boots the computer, it verifies the PK, verifies Microsoft’s KEK, and then verifies the bootloader. If everything looks good, then the OS can boot.

Where do third party OSes, like Linux come in?

First, any Linux distro could choose to generate a KEK and ask OEMs to include it in the KEK database by default. They would then have every bit as much control over the boot process as Microsoft does. The problems with this, as explained by Fedora’s Matthew Garrett, are that a) it would be difficult to get every PC manufacturer to include Fedora’s key, and b) it would be unfair to other Linux distros, since their key wouldn’t be included, and smaller distros don’t have as many OEM partnerships.

What Fedora has chosen to do (and other distros are following suit) is to use Microsoft’s signing services. This scenario requires paying $99 to Verisign (the Certificate Authority that Microsoft uses), and grants developers the ability to sign their bootloader using Microsoft’s KEK. Since Microsoft’s KEK will already be in most computers, this allows them to sign their bootloader to use Secure Boot, without requiring their own KEK. It ends up being more compatible with more computers, and costs less overall than dealing with setting up their own key signing and distribution system. There are some more details about how this will work (using GRUB, signed Kernel modules, and other technical info) in the aforementioned blog post, which I recommend reading if you’re interested in this sort of thing.

Suppose you don’t want to deal with the hassle of signing up for Microsoft’s system, or don’t want to pay $99, or just have a grudge against large corporations that start with an M. There is another option to still use Secure Boot and run an OS other than Windows. Microsoft’s hardware certificationrequires that OEMs let users enter their system into UEFI “custom” mode, where they can manually modify the Secure Boot databases and the PK. The system can be put into UEFI Setup Mode, where the user could even specify their own PK, and sign bootloaders themselves.

Furthermore, Microsoft’s own certification requirements make it mandatory for OEMs to include a method to disable Secure Boot on non-ARM systems. You can turn Secure Boot off! The only systems where you can’t disable Secure Boot are ARM systems running Windows RT, which function more similarly to the iPad, where you can’t load custom OSes. Although I wish that it would be possible to change the OS on ARM devices, it is fair to say that Microsoft is following the industry standard with regard to tablets here.

So secure boot is not inherently evil?

So as you can hopefully see, Secure Boot is not evil, and is not restricted only to use with Windows. The reason the FSF and others are so upset about it is because it does add extra steps to using a third-party operating system. Linux distros may not like paying to use Microsoft’s key, but it is the easiest and most cost-effective way to get Secure Boot working for Linux. Fortunately, it is easy to turn Secure Boot off, and possible to add different keys, thus avoiding the need to deal with Microsoft.

Given the amount of increasingly advanced malware, Secure Boot seems like a reasonable idea. It’s not meant to be an evil plot to take over the world, and is a lot less scary than some free software pundits will have you believe.

TL;DR: Secure boot prevents malware from infecting your system at a low, undetectable level during boot. Anybody can create the necessary keys to make it work, but it’s hard to convince computer makers to distribute your key to everyone, so you can alternatively choose to pay Verisign to use Microsoft’s key to sign your bootloaders and make them work. You can also disable Secure Boot on any non-ARM computer.

Last thought, with regards to the FSF's campaign against Secure boot: Some of their concerns (i.e. it makes it harder to install free operating systems) are valid to a point. Saying that the restrictions will "prevent anyone from booting anything but Windows" is demonstrably false though, for the reasons illustrated above. Campaigning against UEFI/Secure Boot as a technology is short-sighted, misinformed, and unlikely to be effective anyways. It's more important to ensure that manufacturers actually follow Microsoft's requirements for letting users disable Secure Boot or change the keys if they so desire.

>>"First of all, Secure Boot is not something that Microsoft came up with. ... It's part of the UEFI specification, which is basically a newer replacement for the old BIOS that you're probably used to. ... UEFI standards are created by a group called the "UEFI Forum", which is made up of computing industry representatives including Microsoft, Apple ... " So what you mean is: Secure Boot is not something that Microsoft came up with all by themselves
–
mcalexDec 30 '12 at 8:25

@mcalex I suppose that is a fair assessment.
–
nhinkle♦Dec 30 '12 at 8:26

2

This is a wonderfully well done explanation. I thought I knew Secure Boot, but I learned plenty from this answer. I am proud to upvote it.
–
Harsha KDec 30 '12 at 11:26

It's not Microsoft that worries me here, it's the manufacturers. Sure, ARM devices might still be seen as toys now, but the various ARM platforms have come an awful long way in the past few years, and I can easily imagine a day when folks use them for more than just watching YouTube videos... Giving up the ability to update or replace the OS now seems short-sighted. That said, thanks for writing this up - it definitely helps clarify what is, and what isn't problematic about Secure Boot.
–
Shog9♦Dec 30 '12 at 19:02